Siemens, PAS Partner on Industrial Cybersecurity

Engineering giant Siemens and PAS, a company that specializes in cyber security solutions for industrial control systems (ICS), announced on Tuesday a new strategic partnership.

The goal of the partnership is to provide organizations the capabilities needed to identify and inventory assets, including distributed and legacy control systems, and provide visibility for detecting cyber threats and unauthorized engineering changes in multi-vendor environments.

The solutions offered as a result of the partnership can be ideal for fleet-wide monitoring in the oil and gas sector, which is largely unprepared to address cybersecurity risks in operational technology (OT) environments.

Eddie Habibi, founder and CEO of PAS, pointed out that security personnel in energy and oil & gas facilities is in many cases “blind” to the configuration state of most of their cyber assets.

“Siemens chose to help address this gap with our Cyber Integrity software, which provides customers with the context they need to drive targeted security responses to incidents and ultimately to harden systems that were designed, built, and deployed before cybersecurity was a design consideration,” Habibi told SecurityWeek. “Siemens understands that any managed security service that is going to reduce risk in any meaningful way must include all critical vendor assets.”

Leo Simonovich, Vice President of Global Cyber Security at Siemens, noted that the company had previously partnered with Darktrace for network intrusion detection and it has now selected PAS for its ability to provide configuration visibility into proprietary industrial control systems.

“These are the systems that have direct responsibility for controlling volatile processes and ensuring safety in an industrial facility. Most companies lack sufficient visibility into these critical endpoints,” Simonovich said. “With PAS, we aim to lift that veil and raise the security posture of our customers through visibility into proprietary assets and deep analytics for indicators of compromise.”

Siemens’ products are available as standalone services or part of the company’s comprehensive managed security offering, depending on the customer’s needs and maturity. PAS also provides comprehensive security services, but the company’s integrity, inventory and configuration management solutions can be acquired separately by organizations that have their own security operations centers (SOCs).

“Chief Information Security Officers with whom we speak want to leverage existing investments to reduce security risk,” explained Habibi. “Where PAS has an install base, Siemens is a natural add-on service that helps CISO’s gain actionable intelligence on systems that frankly are the lifeblood of critical infrastructure industries. Likewise, existing Siemens customers who will have other vendor systems in place, will have the ability to bring these systems under one security monitoring umbrella. This is unprecedented.”

Eduard Kovacs is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.